In open environments, there are always challenges in bridging the gap between Security, Trust and Privacy (STP) in Federated Access Management (FAM) systems. These challenges are mainly due to the difficulty of providing a practical and efficient framework that handles the often conflicting requirements and expectations of STP in a unified manner. Much of the existing research addresses the gap between mainly two areas, i.e. security and privacy, or security and trust. In this paper, we describe our efforts to narrow the STP gap in FAM and present some implementation experiences in crafting two distinct Unified STP Frameworks (UnifiedSTPFs), namely emergent and practicable, for federated access. We propose the use of the combined strengths of user authentication (AuthN), the Trustworthy Mutual Attestation (TMutualA) protocol, and privacy enhancement via Shibboleth. We also present some lessons learnt during implementation of the practicable UnifiedSTPF for FAM systems in a Web Single Sign-On (WSSO) environment, and possible future work.
Published in:
Trust, Security and Privacy in Computing and Communications (TrustCom), 2012 IEEE 11th International Conference on
Date of Conference: 25-27 June 2012